I think a VIRUS remove my Avast programs

[manuellozano54]

HELP!!!!!!!!!!!!!!!!!!!!!!!

In the last days using the computer I noticed that my Avast icons disappeared from my task bar without a reason.

Also some of the windows services do not function like wireless access. For this and other reasons I tried to restore my system from earlier date but the system do not make the restore for any dates.

I ran the Repair function from the win CD and now all the services are OK, but after I reinstalled the Avast antivirus, I noticed that ALL THE EXE FILES FROM AVAST (located in C:\Program Files\Alwil Software\Avast4 disappeared from the directory.

Also I tried to run other on line antivirus services but they crashed before they finish.

I don't know what kind of virus can be.

PLEASE HELP ME

Thanks

[DavidR]

You may have something hidden by a rootkit attacking avast (and a number of other AVs).

Bagle Rootkit variant:
See http://forum.avast.com/index.php?topic=26554.0
http://forum.avast.com/index.php?topic=25941.0
These seem to have the best results with this type of attack and are reasonably user friendly.
http://research.pandasoftware.com/blogs/research/archive/2006/12/14/Rootkit-cleaner.aspx
http://www.f-secure.com/blacklight/try_blacklight.html
AVG Anti-Rootkit http://free.grisoft.com/doc/avg-anti-rootkit-free/lng/us/tpl/v5.

Try these and if they find any thing then try a repair of avast. Add Remove programs, select 'avast! Anti-Virus,' click the Change/Remove button and scroll down to Repair, click next and follow. If that doesn't work you may need to reinstall avast (uninstall, reboot, install, reboot.).

Download the latest version of avast http://www.avast.com/eng/download-avast-home.html and save it to your HDD, somewhere you can find it again. Use that when you reinstall.

[zhon]

i think its a trojan, considering the effects. most trojans and some script virus hides the .exe files, like what happened in my system a few days ago. i cant execute run, the taskbar (ctrl,alt,del) and system restore it also disables most of the administrator priviledges.

using the repair installation of avast and uninstalling it again i think will do the trick. but if some of your o.s services are not fully operational i think it might be the result of moving the infected file (quarantine) instead of using repair especially if the infected file is the .exe or some missing dll's.

if you tried online scanners and they can't do the job before its done I think your system is infected by a script virus that prevents any program from accesing the file system (deadlock= prevents a file from being accessed if its currently being used). if you can access your taskmanager try searching for a script that's running or go to msconfig and go to startup and see if there are any startup programs that looks malicious (different or the path of the file doesnt make any sense usually composed of ascii characters thats unreadable) just disable it restart and see what happens. if you have updated you avast virus database and can't remedy your system you might have to wait for a while for another update to fixed the virus. sorry

we have to understand that there is no such thing as a perfect antivirus software thats the reason why software evolves it has to constantly update the engine or its database to be effective) and dont expect a lot from free softwares, i do believe most of the best ones in life doesnt comes for free! hehehe

dont get me wrong im also using home... pro is expensive for most of us...I think.

[manuellozano54]

Hi All

I follow the instructions from DavidR and ran the F-Secure Blacklight Rootkit and found the following 10 SUPER Hidden files infected by WIN32-BEAGLE-WF (I think):

• Blank.txt
• Empty.txt
• Filters.xml
• hidr.exe
• news.png
• paint.png
• Sample1.jpg
• Sample2.jpg
• srosa.sys
• wintems.exe

Then I'm was able to reinstall the Avast Antivirus and now all is working fine.

Thanks a lot for all of you, especially to DavidR to give me the idea & experience to resolve my problem.

Thanks,

Manuel

[DavidR]

No problem, glad that I could help.

Welcome to the forums.

I know I didn't mention it (I didn't want to give too many instructions), but when you are hit by things like this it is difficult not to just get rid of things. If you had saved samples of these files or added them to the User Files section of the avast chest (where they can do no harm) then they could have been sent to avast for analysis. Hopefully there won't be a next time, but something to consider.

[Lisandro]

Then I'm was able to reinstall the Avast Antivirus and now all is working fine.

If you still detecting strange behaviors or you want to be sure you're clean, maybe making a HijackThis log to post here and, specially, scan and submit to on-line analysis the RunScanner log would help to identify the problem and the solution.